Your coffeemaker been hacked [yet]?

With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of Smarter’s Internet-of-things coffee maker, you’d be wrong…

Security problems with Smarter products first came to light in 2015, when researchers at London-based security firm Pen Test Partners found that they could recover a Wi-Fi encryption key used in the first version of the Smarter iKettle. The same researchers found that version 2 of the iKettle and the then-current version of the Smarter coffee maker had additional problems, including no firmware signing and no trusted enclave inside the ESP8266, the chipset that formed the brains of the devices. The result: the researchers showed a hacker could probably replace the factory firmware with a malicious one. The researcher EvilSocket also performed a complete reverse engineering of the device protocol, allowing remote control of the device.

As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly. Oh, and by the way, the only way to stop the chaos was to unplug the power cord…

The cautionary tale moves on and offers humor, corrective suggestions…and not a boatload of hope for up-to-date standards. Generally, firmware updates stop in a few years…even though beaucoup electronic products work for many more. As they should.

The sum of new smart home standards

I have long blamed the sad state of the smart home on a lack of a standard. On Wednesday, I may have gotten my wish. Apple, Amazon, and Google all said they would support a new standard for the smart home called Connected Home over IP, or CHIP. So what will that mean, exactly?…

The CHIP standard will be developed under the Zigbee Alliance; a rough draft from the working group is expected in late 2020. While no one is making promises that your existing smart home products will work with the new CHIP standard retroactively, people I’ve spoken with who are involved in the various organizations that make up the alliance believe most of the hubs released over the last two or three years that have BLE, Zigbee, or Thread radios will be able to handle the conversion to CHIP…

I think everyone is at the table because they understand that if they want to build a real business around the smart home that extends beyond mere home automation, they have to build the infrastructure first. The schema is the infrastructure layer.

Makes sense to me. Though I admit, I haven’t moved along quickly at all since the only quadrant in my life best capable of all these links is the “entertainment” corner of the living room. And my Harmony remote already talks to everything. It lives there, anyway.

Is your vacuum cleaner spying on you? + RESPONSE from iRobot…

The following is from an open letter to iRobot CEO Colin Angle. His company makes the very popular Roomba robotic vacuum cleaner. On Monday, ZDNet’s Jake Smith wrote about iRobot’s intention to sell mapping data from customers’ homes to other companies.

❝ Dear Colin,

One of the ways Webster defines “dear” is “highly valued” or “precious.” So, when I start a letter with “Dear Colin,”…I’m just using a commonly accepted way of starting a letter.

This is relevant to our discussion because you’ve recently talked about taking from your customers information that is dear to them, even though you’ve never met most of the people who enjoy the benefits of your products. When your customers buy your products, there are some common expectations.

❝ It looks like you may be thinking about or trying to violate those expectations. By extension, it’s looking like you might be violating the trust given to you by your customers. Even worse, you could be opening the door to security risks that are far worse than they would be worth, just so you can make a few extra bucks on the side.

In a recent Reuters interview, you talked about the value of mapping data, both for doing the job of cleaning a room, and for understanding the environment where internet-connected things need to interoperate. So far, I’m with you…

That data could be used to help maximize lighting, tune sound, optimize microphones, determine when people or pets are in a space, and help conserve energy. All that is good…

❝ But here’s the thing that has the whole internet a-flutter. Apparently, you’re trying to sell that mapping data. I understand that…but once you get into the mode of selling data, the potential for abuse rears its oh-so-ugly head.

You’re no longer mapping our homes to make sure you don’t tear out a power cord or fall down a flight of stairs. You’re moving into the realm of spying on your customers. In your case, though, it’s far worse than those stories of possible always-on webcams or TV sets…

See, none of those other devices can move around the house on their own power. If my TV is in the living room, I know it’s there. If I’m concerned about my privacy, I’m probably not going to parade my naked butt in front of it. But a Roomba can decide to wake itself up. It can wander around the house. It can measure, map, and with your onboard camera, even take pictures.

What could go wrong?

The CEO of iRobot has been further interviewed by ZDNet. He denies that the firm will sell customer data. Please read it. Judge for yourself.

20 percent of the world’s vacuum cleaners are now robots

❝ Robot vacuums may have once seemed an eccentricity, but they now represent a non-trivial portion of the overall vacuum market – 20 percent worldwide, according to iRobot CEO and co-founder Colin Angle…And Roomba makes up 70 percent of that market, giving iRobot a commanding lead in the space.

Exactly how many robots does that translate to? Over 14 million Roombas sold to date, Angle said, which is a steady business for a consumer product that starts at a price point that tends to be a bit higher than your average human-powered home cleaning hardware.

❝ iRobot’s lead in the market should be easily defensible, Angle says, because the company has a long lead in terms of working on the problem, and because it’s focused on consumer home cleaning products exclusively. iRobot’s become even more focused of late, since the company recently divested itself of its defense and security robotics division and is now focused entirely on the home consumer space.

How long will we continue with individual operating systems for each home electronic assistant – as artificial intelligence becomes more commanding? A deliberate choice, that word. Seems easier to have a centralized house intelligence to run home-based devices. Encrypted and secure from both private and government hackers, of course.

The NSA wants to monitor your pacemaker — bet that makes you feel safe and secure!

The NSA is interested in collecting information from pacemakers and other biomedical devices for national security purposes, according to The Intercept. Richard Ledgett, the agency’s deputy director, reportedly said at a conference…that, “We’re looking at it sort of theoretically from a research point of view right now.”

That suggests this isn’t something the NSA is actively doing; and if it did have the ability, Ledgett indicates that it wouldn’t exactly be a core source of information. “Maybe a niche kind of thing … a tool in the toolbox,” he said, according to The Intercept.

Still, it’s both wild and disconcerting to think that something as critical as a pacemaker could be monitored by a hacker. The NSA doesn’t plan to stop at that, either. Perhaps less surprising is Ledgett’s broader suggestion that the NSA is interested in using information from any internet-connected device.

National Intelligence director James Clapper indicated as much back in February, as The Intercept points out. The Guardian reports Clapper saying, “In the future, intelligence services might use the [Internet of Things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.” Though he’s stating it here as a hypothetical, it’s not hard to imagine that the NSA views the addition of connectivity to more and more devices — be it a fridge or a pacemaker — as valuable.

The Intercept is becoming more and more a valuable source for anyone concerned with questions of individual liberty and privacy in a connected world.

Our government and the alphabetized creeps on the snoop payroll – really hate it.

Preview the rise of killer robots

The Munich Security Conference is an annual catalogue of horrors. But the most ominous discussion this past weekend wasn’t about Islamic State terrorism but a new generation of weapons — such as killer robots and malignly programmed “smart” appliances that could be deployed in future conflicts.

Behind the main events at the annual discussion of foreign and defense policy here was a topic described in one late-night session as “The Future of Warfare: Race with the Machines.” The premise was that we are at the dawn of an era of conflict in which all wars will be, to some extent, cyberwars, and new weapons will combine radical advances in hardware, software and even biology…

Guests at a “Cyber Dinner” hosted here by the Atlantic Council considered the dawning world of killer appliances. In the coming Internet of Things (IoT), speakers noted, there will soon be more than 30 billion smart chips embedded in cars, elevators, refrigerators, thermostats and medical devices. These pervasive, connected systems may well have poor security and be easily hackable.

The big worry in the future, argued several tech experts at the dinner, may not be data privacy — forget about that — but data security. “You can know my blood type, but don’t change it,” one speaker explained. Hackers may be able to alter data in financial markets, hospitals and electrical grids — paralyzing normal economic and social activity…

From Obama’s favorite Himmlerite, James Clapper:

❝ “In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking and targeting for recruitment, or to gain access to networks or user credentials,” Clapper told Congress. And he warned in his testimony that as artificial intelligence is built into weapons, they will be “susceptible to a range of disruptive and deceptive tactics that might be difficult to anticipate or quickly understand.”

The chuckle, of course, is that Clapper is either talking about what is on his implementation schedule – or what he already has in the wild.